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DETAILED ACTION 



1 . Claims 1 -1 3 have been examined. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 2, 6, 8 and 12-17 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Shear et al. (US 6,157,721), hereafter Shear, in view of Whittle 

("Public Key Authentication Framework: A Tutorial," whitepaper, First Principles 

Consulting, June 1996). 

Regarding claim 1, Shear discloses a public key certificate issuing system 

comprising: 

a certificate authority for issuing a public key certificate of an entity which uses 
said public key certificate (verifying authority) and said certificate authority being 
constituted by a plurality of certificate authorities each executing a different signature 
algorithm, transferring a public key certificate between said plurality of certificate 
authorities response to said public key certificate issuing request, attaching a digital 
signature on message data constituting said public key certificate in accordance with 
said different signature algorithm at each certificate authority, and issuing a multi-signed 
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public key certificate storing a plurality of signatures based on different signature 
algorithms (Fig. 7; col. 10, lines 32-59; col. 14, line 61, through col. 8, line 22; col. 16, 
lines 12-36). 

But Shear does not explain that the system comprises a registration authority for 
sending a public key from an entity under certificate issuing request received control to 
said certificate authority. 

However, Whittle teaches a public key authentication system comprising a 
registration authority for sending a public key from an entity under certificate issuing 
request received control to a certificate authority for the purpose of administrative 
efficiency by acting as a conduit between the certification authority and an entity 
requesting certification (organizational registration authority sends a request for 
issuance to organizational certification authority; page 8). 

Therefore, it would be obvious to one of ordinary skill in the computer art at the 
time the invention was made to modify the invention of Shear with the teaching of 
Whittle to provide a system comprising a registration authority for sending a public key 
from an entity under certificate issuing request received control to said certificate 
authority. One would be motivated to do so in order to increase administrative 
efficiency in the handling of certification requests. 

Regarding claim 2, the modified device of Shear and Whittle is relied upon as 
applied to claim 1 , and Shear and Whittle further teach that said plurality of certificate 
authorities include a Rivest-shamir-Adleman certificate authority for executing signature 
generation processing based on a Rivest-shamir-Adleman signature algorithm and an 
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elliptic curve cryptography certificate authority for executing signature generation 
processing based on an elliptic curve cryptography algorithm, said signatures stored in 
said multi-signed public key certificate including a signature based on said Rivest- 
Shamir-Adleman signature algorithm and a signature based on said elliptic curve 
cryptography signature algorithm (Shear, col. 13, lines 43-49). Therefore, for reasons 
given above, such a claim also would have been obvious. 

Regarding claims 6 and 8, this is a method version of the claimed system 
discussed above (claims 1 and 2), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such claims also would have been obvious. 

Regarding claim 7, the modified device of Shear and Whittle is relied upon as 
applied to claim 6, and Shear and Whittle further teach that at least one of said plurality 
of certificate authorities executes a step of generating a signature for a signed public 
key certificate by applying a signature algorithm which is signed public key different 
from that attached to said certificate and attaching the generated signature to said 
signed public key certificate (different algorithms used by subsequent signers to defeat 
cryptographic attack; col. 16, lines 22-36). Therefore, such a claim also would have 
been obvious. 

Regarding claims 12-14, these are information-processing-apparatus versions 
of the claimed system discussed above (claims 1,1, and 2, respectively), wherein all 
claim limitations have been addressed. Thus, for the reasons provided above, such 
claims also would have been obvious. 
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Regarding claims 15 and 16, these are information-recording-medium versions 
of the claimed system discussed above (claims 1 and 2), wherein all claim limitations 
have been addressed. Thus, for the reasons provided above, such claims also would 
have been obvious. 

Regarding claim 17, this is a program-storage-medium version of the claimed 
system discussed above (claim 1), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such a claim also would have been obvious. 

3. Claims 3 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shear and Whittle, as applied to claim 1 , and further in view of Chokhani 
("Comment on RFC 2527," The Internet Society, March 1 999). 

Regarding claim 3, Shear and Whittle do not explicitly explain that at least one 
of said plurality of certificate authorities has a configuration for executing processing of 
storing a generated signature and signature information including signature algorithm 
information associated with said generated signature into an extended area of said 
public key certificate. 

However, Chokhani teaches a public key system wherein at least one of said 
plurality of certificate authorities has a configuration for executing processing of storing 
certificate policies into an extended area of said public key certificate for the purpose of 
providing storage of additional certificate policies that are not provided for in the basic 
X.509 certificate policy framework, particularly where the policies are highly customized 
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(e.g. certificate policies extension, section 3.3.1, and policy mappings extension, section 
3.3.2; pages 5-7). 

Therefore, it would be obvious to one of ordinary skill in the computer art at the 
time the invention was made to modify the modified device of Shear and Whittle with the 
teaching of Chokhani such that at least one of said plurality of certificate authorities has 
a configuration for executing processing of storing a generated signature and signature 
information including signature algorithm information associated with said generated 
signature into an extended area of said public key certificate. One would be motivated 
to do so because the basic certificate framework is insufficient to store policy 
information regarding multiple signatures using different signature algorithms, 
particularly where the policies are highly customized. 

Regarding claim 9, this is a method version of the claimed system discussed 
above (claim 3), wherein all claim limitations have been addressed. Thus, for the 
reasons provided above, such a claim also would have been obvious. 

4. Claims 4 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shear, Whittle and Chokhani, as applied to claim 3, and further in view of Levi et 
al. ("A Multiple Signature Based Certificate Verification Scheme," Proceedings of 
BAS'98, The Third Symposium on Computer Networks, June 1998), hereafter Levi. 

Regarding claim 4, the modified device of Shear, Whittle and Chokhani as 
applied to claim 3 is relied upon for teaching the storing of signature information 
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including signature algorithm information associated with the generated signature into 
an extended area. 

But Shear, Whittle and Chokhani do not explicitly explain that at least one of said 
plurality of certificate authorities has a configuration for executing processing of storing 
a generated signature into an area other than a basic area and an extended area 
of said public key certificate. 

However, Levi teaches a public key certification system wherein at least one of a 
plurality of certificate authorities has a configuration for executing processing of storing 
a generated signature into an area other than a basic area and an extended area 
of a public key certificate for the purpose of accommodating multiple signatures, 
particularly where the existing frameworks such as X.509 do not provide for them 
(append multiple signatures to the end of the certificate; see section 6.2). 

Therefore, it would be obvious to one of ordinary skill in the computer art at the 
time the invention was made to modify the modified device of Shear, Whittle and 
Chokhani with the teaching of Levi such that at least one of said plurality of certificate 
authorities has a configuration for executing processing of storing a generated signature 
into an area other than a basic area and an extended area of said public key certificate. 
One would be motivated to do so in order to accommodate multiple signatures, 
particularly where the existing frameworks such as X.509 do not provide for them. 

Regarding claim 10, this is a method version of the claimed system discussed 
above (claim 4), wherein all claim limitations have been addressed. Thus, for the 
reasons provided above, such a claim also would have been obvious. 
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5. Claims 5 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shear and Whittle, as applied to claim 1 , and further in view of Levi. 

Regarding claim 5, Shear and Whittle do not explicitly explain that at least one 
of said plurality of certificate authorities has a configuration for executing processing of 
storing, into said public key certificate, flag information indicating whether at least two 
signatures are included in said public key certificate. 

However, Levi teaches that the existing X.509 standard for assumes a single 
signature and that the structure would need to be modified for the purpose of 
accommodating multiple signatures (section 6.2). And the Examiner takes official notice 
that one of ordinary skill in the computer art at the time the invention was made would 
recognize the storing of flag information as a common technique in distinguishing 
between one of two different states, in this case the state indicating at least two 
signatures are included in a public key certificate or the state indicating a single 
signature. 

Therefore, for the reasons given above, such a claim also would have been 
obvious. 

Regarding claim 11, this is a method version of the claimed system discussed 
above (claim 5), wherein all claim limitations have been addressed. Thus, for the 
reasons provided above, such a claim also would have been obvious. 



Conclusion 
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6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Sudia (US 5,659,616) discloses a public key certification system comprising a 
hierarchy of certification authorities. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to John Elmore whose telephone number is 571-272-4224. 
The examiner can normally be reached on M 10-8, T-Th 9-7. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Greg Morse can be reached on 571-272-3838. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





